I had 1 server with 2 WordPress multisite installs. The first multisite has 3 websites which all are just personal little blog type sites of mine with 2 of the 3 in maintenance mode and the 3rd getting very little traffic. The second multisite has 4 websites with 3 in maintenance mode and the 4th a local non-profit site which gets very little traffic.

My bill is typically around $24. I get my monthly email that the bill is ready and look at it to see a bill of $306.78. As you can imagine I was in shock as I see a line item of $274.04 for Bandwidth Charges. I just couldn't figure out why or how I could have used so much bandwidth with the few sites I have. I immediately connected to support via Live Chat. The first person couldn't see why I was using so much bandwidth so they sent me to a second person who said I needed to hire a developer to look into this. I said that was unacceptable so they sent me to a third support person. He was able to look more at the logs and say that somehow it was recording that I used over 29TB of bandwidth. I could not find a source, a reason or anything why which makes me think maybe an error but I just don't know. He said he would enable some kind of logging or software or something that would capture more details and try and see what was going on. He said this would take some time to capture stats and that he would request billing to put the bill on hold for the time being. I think, great, thank you. That was August 1st.

August 2nd I get an email from a Customer Success Manager checking in to see how things are going. I replied back with detailed information on what was going on and to see if he could check on the status. I didn't hear anything from him or support the rest of that week so on Monday, August 7th I sent the manager another email asking if he found anything and what was going on.

I didn't hear anything back until today August 9th and it wasn't what I was expecting at all. I get an email that said your billing exemption is over, your servers are stopped and will be deleted in the next 24 hours. To avoid inconvenience kindly pay the dues. I just threw my arms in the air in absolute disbelief.

I have copied backups in case everything is deleted but this whole thing is just crazy. I loved Cloudways up until this but should I just pack it up and move to a different service?

On behalf of Customer Success team of Cloudways. I am personally taking care of your issue. We have a ticket opened for the same issue. Bandwidth utilization was abnormal till 21st of July. We are in contact with upstream provider for this.We Will update you accordingly on the ticket.

Some words of warning for anyone else out there and a huge suggestion to not have auto pay setup.

Lots of back and forth and nobody still was able to determine what or where all the bandwidth was coming from. Very strange coincidence that Cloudways suddenly offered to cut the bill in half to $170 and said I must have done some kind of change because the bandwidth went back to normal. I had made no change during the time they were "investigating". I wonder if they found something on their end or something in the connection to Vultr that was an oops on them and now trying to stick me with the bill. Just speculation on my part since this whole ordeal has been shady.

On top of all of that they repeatedly kept trying to charge my credit card for the full amount after numerous emails from me and assurances from them that they would put the billing on hold. Even more I had asked to give me until Monday the 21st to pay the $170 which was agreed to by Cloudways. I get a collections email on Sunday the 20th telling me to pay $306.78. I emailed right back to that person but of course never heard back.

I mean come on, it is like nobody in the billing department knows what the other billing people are doing! They didn't even give me an updated invoice reflecting the $170 so i couldn't even pay it.

Needless to say I have moved on from Cloudways. It is unfortunate that billing/support is just a mess as they do have some good services.

Apologies for all the inconvenience which you have faced since last few days.

I checked the email logs and noticed that the last email you received on Sunday was missing the point of adding the funds of $170 only, which one of our CSMs mutually agreed with you so that we could add the remaining amount and mark your invoice as paid. As of now, we have added funds to your account. Once, you will add $170 to your account your invoice will be marked as paid.

You also have received a follow-up ticket today for the same (ticket #70377).

For step by step guide on how to add funds to your account please go to this Link.

If you can give another try to Cloudways we will make sure that you won't face such issues again.

@ahsan.parwez I did not stop replying, in fact your billing or support or whoever seemed to never want to get back to me. I would get an attempt to charge my credit card with which I would email billing and would never hear back. They just kept repeatedly trying to charge me with no contact.

They still "apparently" never determined the cause of the high bandwidth which all still seems very suspicious.

I am not aware of any attack. I use all the typical WordPress security measures and I never noticed a thing. The team did attempt to look through logs already.

I do like the services Cloudways is providing and maybe some day once support is a little better and the platform matures with the ability to monitor and alert on bandwidth usages I might give it another shot.

What did Cloudways "Monitoring" say after the fact? Did you have a lot of "Incoming network traffic" at the time?

Even though your site was not effectively hacked, there could still have been an attempt to hack it (or "drown" it, which is the purpose of a (D)DoS attack), but Cloudways should have seen that as well I guess.

@redsmurph They never could figure out the exact cause which I found really interesting. I still think they messed up somewhere and was trying to pass the cost off to me which is the reason I moved away from Cloudways.

While going through the history it looks like bandwidth was over used due to "uploading from an external source"

Our team didn't jump into details because we thought it was something that "client" was doing himself.

After the invoice was generated and issue was escalated, it was already too late. So, to summarize, we thought that "uploading" was intentional and there was no security lapse or editing done on your server by our team.

To give you relief our customer success team negotiated internally and thought to reduce your invoice by 50% (as there was no determined cause known for bandwidth usage)

I don't think I have seen such case happening till now and I would like to work together with you and our support department to actually find the cause and come to mutual understanding where it went wrong.